30 June 2011

I was saddened to read today of the death of
Robert
Morris.
I had a great deal of respect and admiration for him, and learned a
great deal from him, especially about doing security in the real world.
He stressed the cost of an attack, as opposed to its mere conceputal
feasibility. My favorite encounter with him was a question he asked
of a speaker who was touting his new, secure OS: "How do you back up
and restore the disk?" The speaker was flummoxed; he'd never thought
about that issue. But to Morris, a system had to be not just secure
but useful.